Oracle Recovery Tools恢复csc higher than block scn

Posted on 2023 年 06 月 22 日 by 惜分飞

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：Oracle Recovery Tools恢复csc higher than block scn

有客户强制关闭数据库,结果有数据块报坏块,dbv检查为:csc higher than block scn问题

该问题主要是由于scn异常导致通过Oracle Recovery工具进行修复

dbv再次验证数据块ok,Oracle Recovery完美代替bbed解决该问题

通过OraRecovery工具快速解决csc higher than block scn故障
软件下载:OraRecovery下载
使用说明:使用说明

.mdf.locked加密sql server完美恢复

Posted on 2023 年 06 月 12 日 by 惜分飞

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.mdf.locked加密sql server完美恢复

有可能用友ERP软件的sql server 数据库所在机器被勒索病毒加密,扩展名为.locked和昨天恢复的基本类似(.locked加密勒索数据库级别恢复),通过分析确认sql server被这种病毒加密,也可以完美恢复

通过恢复之后数据库正常挂载成功

测试应用一切正常

对于类似这种被加密的勒索的数据文件,我们可以实现比较好的恢复效果,如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持，请联系我们:
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
系统安全防护措施建议：
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。
9.保存良好的备份习惯，尽量做到每日备份，异地备份。

.locked加密勒索数据库级别恢复

Posted on 2023 年 06 月 10 日 by 惜分飞

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.locked加密勒索数据库级别恢复

有客户数据库被加密成.locked结尾的扩展名,数据库无法正常使用

对应的READ_ME1.html文件中信息类似:
send 0.1btc to my address:bc1ql8an5slxutu3yjyu9rvhsfcpv29tsfhv3j9lr4. contact email:service@hellowinter.online,if you can’t contact my email, please contact some data recovery company(suggest taobao.com), may they can contact to me .your id: ATNtkQxKZ8uaTNt3etgDXVdN2MjvPC8XoWOpoc7l25Dyg5ePEA6AFtj0sE8rYUX+Jm+1ajXASCAREJO8GD+53eqiUX26/s2aTX4uTkaAY90xTg6UIQ1SqhPpylXRsY759aUnOPeHWuv8fwj03g7vN68ctgjiRgHz3h1gNoOEDzT0GLGbr9+X6G2oCx23kNyWj3m2IXPJtyY8XqRa0UI1zNyjwyNoE6qNu0ZufInCnHKVrAp95ngibtUSmc6z+vYl8ROQlsPqi9UfyO0P3Wk2k9pLxLKsej7cBl0qtYEfRTou1v0/Ca4y57o1Djpaieklk2Ne03gYGztrGtS77S/zVzrg5B3x64qVuYNzQH9+LtmPE+6RqJY06CSmYr5f3GN1kEBuhsnGlNWjVJjjWimEMJXYMqqAY8fwb5DYxC/XCYg6jbg85R4CTOeE9DfC6yoPpsG1yXpDilBIFhFiTjWj9t94g0TBHi11dNBz1Fr+0x6TpmgfA9d0L/yjZSOTr7hQ9CeMn2eWjkYZ2jIoSV7XlHyDCbPRPlCTOnOX3ZP9zgQ48tXgJWbkds8SATOzjJk3+ttl+JNN7jScNvs7MZX0oVSyXVDrAdCHpftY63riuDuyE7rVBjtkOPr5njKSpA6K9EBD+FnCwQDzja7z78kOKXA/ddFj79mznzcnbODE8qnxitzNdv9SuQkJU+qVoH+fSndDGkDDxNliZJypHdwKM3ooO2q7fayq1Iw0dEN3FHbqgY/m3drUqge3UV07VrV9ht+tUzozUPoVBZbKSgZuYK2FKlXhlxhV/PXlskNtx+YFi1T4yzqjcT0a8HE5huQQzehDPeKQTRRpU+u9aq4TAxotjcTS1sfe/qgRKYyq+qLHg9rfFCcr5NjJPDSpWLTlhB+hUTK/iZqjYBaEccJjyvi0i+/5bDqmGmqkFeyWToyqhwlk4hN1IGyOHJY7Jf6a1S6CogVb34ArTOPFk2gKD7o4vXbERUmhw5xiP9c6Zwir2ENBdDaCl5p9oh44jpeoJqptZR4Uu1k8eqQNtUuXqlU9xvjaxt+dgXMQaul65nmgxgMmLUHjSSXZhGNzyeVGkz2KrP97ZLqYCq29iYoUt9WTLAmFtj0F+l4uYTj58+7xHM1/oXIMEOt3RmFv183I/yDesJaoV11cpbQUp1KJZvRvbws6CcajMnaH3zHJ7FHg74=
通过自研的oracle勒索加密恢复工具快速恢复文件

实现数据库直接open成功,实现数据0丢失

ORA-16038 ORA-00354故障处理

Posted on 2023 年 05 月 24 日 by 惜分飞

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：ORA-16038 ORA-00354故障处理

遇到一个案例,数据库open报ORA-16038,ORA-00354等错误

查询该redo状态(使用Oracle数据库异常恢复检查脚本(Oracle Database Recovery Check)脚本收集),确认为inactive

由于inactive 状态的redo损坏,无法被arch进程归档导致数据库无法正常open,尝试强制clear联机日志

由于25号文件属于offline状态,导致联机日志无法正常被clear,报ORA-00393 ORA-00312等错误.通过试验重现该问题.

SQL> alter database datafile 5 offline;

Database altered.

--使用一些技巧让数据库无法归档

SQL> select group#,status,archived from v$log;

    GROUP# STATUS           ARC
---------- ---------------- ---
         1 INACTIVE         NO
         2 ACTIVE           NO
         3 CURRENT          NO

SQL> shutdown abort;
ORACLE instance shut down.
SQL> startup mount;
ORACLE instance started.

Total System Global Area  626327552 bytes
Fixed Size                  2255832 bytes
Variable Size             234882088 bytes
Database Buffers          385875968 bytes
Redo Buffers                3313664 bytes
Database mounted.
SQL> alter database clear unarchived logfile group 1;
alter database clear unarchived logfile group 1
*
ERROR at line 1:
ORA-00393: log 1 of thread 1 is needed for recovery of offline datafiles
ORA-00312: online log 1 thread 1: '/u01/app/oracle/oradata/orcl/redo01.log'
ORA-01110: data file 5: '/u01/app/oracle/oradata/orcl/t_xifenfei01.dbf'

SQL> !oerr ora 393
00393, 00000, "log %s of thread %s is needed for recovery of offline datafiles"
// *Cause:  Log cannot be cleared because the redo in it is needed to recover
//          offline datafiles. It has not been archived so there is no
//          other copy available. If the log is cleared the tablespaces
//          containing the files will have to be dropped.
// *Action: Archive the log then repeat the clear command. If archiving is not
//          possible, and dropping the tablespaces is acceptible, then add the
//          clause UNRECOVERABLE DATAFILE at the end of the clear command.


SQL>  alter database clear unarchived logfile group 1 unrecoverable datafile;

Database altered.

SQL> select group#,status,archived from v$log;

    GROUP# STATUS           ARC
---------- ---------------- ---
         1 UNUSED           YES
         3 CURRENT          NO
         2 ACTIVE           NO

客户的问题也是通过unrecoverable datafile 方式强制clear联机日志成功,数据库open成功

unknown variable ‘default-character-set=utf8′ 处理

Posted on 2023 年 05 月 22 日 by 惜分飞

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：unknown variable ‘default-character-set=utf8′ 处理

分享一例由于mysql参数配置不当,当时mysql无法正常启动的case

[root@XIFENFEI ~]# service mysql start
Redirecting to /bin/systemctl start mysql.service
Job for mysqld.service failed because the control process exited with error code. 
See "systemctl status mysqld.service" and "journalctl -xe" for details.
[root@XIFENFEI ~]# systemctl status mysqld.service
 mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2023-05-22 16:09:57 CST; 13s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 101951 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)
  Process: 102545 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=1/FAILURE)

May 22 16:09:53 RHAA08-0901 systemd[1]: Starting LSB: start and stop MySQL...
May 22 16:09:57 RHAA08-0901 mysqld[102545]: Starting MySQL.... ERROR! 
            The server quit without updating PID file (/www/se....pid).
May 22 16:09:57 RHAA08-0901 systemd[1]: mysqld.service: control process exited, code=exited status=1
May 22 16:09:57 RHAA08-0901 systemd[1]: Failed to start LSB: start and stop MySQL.
May 22 16:09:57 RHAA08-0901 systemd[1]: Unit mysqld.service entered failed state.
May 22 16:09:57 RHAA08-0901 systemd[1]: mysqld.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

mysql日志

2023-05-22T06:59:57.646266Z 0 [Warning] option 'max_allowed_packet': unsigned value 107374182400 adjusted to 1073741824
2023-05-22T06:59:57.646480Z 0 [Note] --secure-file-priv is set to NULL. 
          Operations related to importing and exporting data are disabled
2023-05-22T06:59:57.646548Z 0 [Note] /www/server/mysql/bin/mysqld (mysqld 5.7.41-log) starting as process 79451 ...
2023-05-22T06:59:57.726167Z 0 [Note] InnoDB: PUNCH HOLE support available
2023-05-22T06:59:57.726257Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2023-05-22T06:59:57.726269Z 0 [Note] InnoDB: Uses event mutexes
2023-05-22T06:59:57.726286Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2023-05-22T06:59:57.726296Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.12
2023-05-22T06:59:57.726306Z 0 [Note] InnoDB: Using Linux native AIO
2023-05-22T06:59:57.726975Z 0 [Note] InnoDB: Number of pools: 1
2023-05-22T06:59:57.727161Z 0 [Note] InnoDB: Using CPU crc32 instructions
2023-05-22T06:59:57.733999Z 0 [Note] InnoDB: Initializing buffer pool, total size = 4G, instances = 8, chunk size = 128M
2023-05-22T06:59:58.051369Z 0 [Note] InnoDB: Completed initialization of buffer pool
2023-05-22T06:59:58.087559Z 0 [Note] InnoDB: If the mysqld execution user is authorized,
 page cleaner thread priority can be changed. See the man page of setpriority().
2023-05-22T06:59:58.099727Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
2023-05-22T06:59:58.202034Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2023-05-22T06:59:58.202150Z 0 [Note] InnoDB: Setting file '/www/server/data/ibtmp1' size to 12 MB. 
Physically writing the file full; Please wait ...
2023-05-22T06:59:58.242233Z 0 [Note] InnoDB: File '/www/server/data/ibtmp1' size is now 12 MB.
2023-05-22T06:59:58.244128Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
2023-05-22T06:59:58.244163Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
2023-05-22T06:59:58.244910Z 0 [Note] InnoDB: Waiting for purge to start
2023-05-22T06:59:58.295153Z 0 [Note] InnoDB: 5.7.41 started; log sequence number 1184000067
2023-05-22T06:59:58.295727Z 0 [Note] InnoDB: Loading buffer pool(s) from /www/server/data/ib_buffer_pool
2023-05-22T06:59:58.296135Z 0 [Note] Plugin 'FEDERATED' is disabled.
2023-05-22T06:59:58.296288Z 0 [Note] InnoDB: Buffer pool(s) load completed at 230522 14:59:58
2023-05-22T06:59:58.299095Z 0 [ERROR] unknown variable 'default-character-set=utf8'
2023-05-22T06:59:58.299131Z 0 [ERROR] Aborting

2023-05-22T06:59:58.299179Z 0 [Note] Binlog end
2023-05-22T06:59:58.299530Z 0 [Note] Shutting down plugin 'ngram'
2023-05-22T06:59:58.299560Z 0 [Note] Shutting down plugin 'partition'
2023-05-22T06:59:58.299572Z 0 [Note] Shutting down plugin 'BLACKHOLE'
2023-05-22T06:59:58.299588Z 0 [Note] Shutting down plugin 'ARCHIVE'
2023-05-22T06:59:58.299599Z 0 [Note] Shutting down plugin 'MyISAM'
2023-05-22T06:59:58.299626Z 0 [Note] Shutting down plugin 'MRG_MYISAM'
2023-05-22T06:59:58.299641Z 0 [Note] Shutting down plugin 'MEMORY'
2023-05-22T06:59:58.299657Z 0 [Note] Shutting down plugin 'PERFORMANCE_SCHEMA'
2023-05-22T06:59:58.299797Z 0 [Note] Shutting down plugin 'CSV'
2023-05-22T06:59:58.299811Z 0 [Note] Shutting down plugin 'INNODB_SYS_VIRTUAL'
2023-05-22T06:59:58.299822Z 0 [Note] Shutting down plugin 'INNODB_SYS_DATAFILES'
2023-05-22T06:59:58.299832Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESPACES'
2023-05-22T06:59:58.299843Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN_COLS'
2023-05-22T06:59:58.299853Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN'
2023-05-22T06:59:58.299863Z 0 [Note] Shutting down plugin 'INNODB_SYS_FIELDS'
2023-05-22T06:59:58.299873Z 0 [Note] Shutting down plugin 'INNODB_SYS_COLUMNS'
2023-05-22T06:59:58.299883Z 0 [Note] Shutting down plugin 'INNODB_SYS_INDEXES'
2023-05-22T06:59:58.299893Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESTATS'
2023-05-22T06:59:58.299904Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLES'
2023-05-22T06:59:58.299914Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_TABLE'
2023-05-22T06:59:58.299924Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_CACHE'
2023-05-22T06:59:58.299934Z 0 [Note] Shutting down plugin 'INNODB_FT_CONFIG'
2023-05-22T06:59:58.299944Z 0 [Note] Shutting down plugin 'INNODB_FT_BEING_DELETED'
2023-05-22T06:59:58.299954Z 0 [Note] Shutting down plugin 'INNODB_FT_DELETED'
2023-05-22T06:59:58.299964Z 0 [Note] Shutting down plugin 'INNODB_FT_DEFAULT_STOPWORD'
2023-05-22T06:59:58.299974Z 0 [Note] Shutting down plugin 'INNODB_METRICS'
2023-05-22T06:59:58.299984Z 0 [Note] Shutting down plugin 'INNODB_TEMP_TABLE_INFO'
2023-05-22T06:59:58.299995Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_POOL_STATS'
2023-05-22T06:59:58.300005Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE_LRU'
2023-05-22T06:59:58.300015Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE'
2023-05-22T06:59:58.300025Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX_RESET'
2023-05-22T06:59:58.300035Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX'
2023-05-22T06:59:58.300045Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM_RESET'
2023-05-22T06:59:58.300055Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM'
2023-05-22T06:59:58.300066Z 0 [Note] Shutting down plugin 'INNODB_CMP_RESET'
2023-05-22T06:59:58.300075Z 0 [Note] Shutting down plugin 'INNODB_CMP'
2023-05-22T06:59:58.300085Z 0 [Note] Shutting down plugin 'INNODB_LOCK_WAITS'
2023-05-22T06:59:58.300095Z 0 [Note] Shutting down plugin 'INNODB_LOCKS'
2023-05-22T06:59:58.300105Z 0 [Note] Shutting down plugin 'INNODB_TRX'
2023-05-22T06:59:58.300116Z 0 [Note] Shutting down plugin 'InnoDB'
2023-05-22T06:59:58.300271Z 0 [Note] InnoDB: FTS optimize thread exiting.
2023-05-22T06:59:58.300437Z 0 [Note] InnoDB: Starting shutdown...
2023-05-22T06:59:58.400764Z 0 [Note] InnoDB: Dumping buffer pool(s) to /www/server/data/ib_buffer_pool
2023-05-22T06:59:58.401153Z 0 [Note] InnoDB: Buffer pool(s) dump completed at 230522 14:59:58
2023-05-22T07:00:00.340582Z 0 [Note] InnoDB: Shutdown completed; log sequence number 1184000086
2023-05-22T07:00:00.343128Z 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2023-05-22T07:00:00.343157Z 0 [Note] Shutting down plugin 'sha256_password'
2023-05-22T07:00:00.343165Z 0 [Note] Shutting down plugin 'mysql_native_password'
2023-05-22T07:00:00.343347Z 0 [Note] Shutting down plugin 'binlog'
2023-05-22T07:00:00.344547Z 0 [Note] /www/server/mysql/bin/mysqld: Shutdown complete

提示比较明显由于default-character-set=utf8参数设置不当当时,检查my.cnf配置，发现
在mysqld中配置了default-character-set=utf8,该参数正确配置为:character-set-server = utf8,设置正确参数值之后,mysql启动正常

[root@XIFENFEI data]# service mysql start
Redirecting to /bin/systemctl start mysql.service
[root@XIFENFEI data]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.41-log Source distribution

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 365xxxy             |
| xxxxhu         |
| xxxiuye              |
| mysql              |
| performance_schema |
| xxxxchegn         |
| sxxxxp               |
| sys                |
| xxxxc               |
+--------------------+
10 rows in set (0.00 sec)